Enterprise Architecture: The foundation of good security

B2B Editor7 June 2017

Enterprise architecture can often be viewed as bringing order to a highly complex ICT portfolio and is thus unnecessary for small businesses. However, small-scale enterprise architecture can assist any organisation to rationalise investment by making cost-effective, technology-based decisions that support business objectives.

The role of enterprise architecture in any organisation is to highlight the strategic direction of the business and to ensure that supporting and enabling capabilities, such as ICT and cyber security, are aligned with these business goals. Investing in enterprise architecture should not be viewed as worthwhile for only large organisations. Experienced architects can apply the same methodologies and principles used in developing large-scale enterprise architecture while tailoring the investment to the size of the business.

The protection of business assets is not a one-size-fits-all model. Investing in the security of your business poses similar challenges to protecting your home; both require informed decisions regarding the value inside. If you invest in a secure safe for your home, what items would you choose to store in that safe? Would the expensive jewellery or the family heirlooms make the cut? Each household places a different value on such items. Understanding where value lies in your small business is just as important.

While architecture can be overlooked in the remediation of cyber security risks, enterprise architects are acutely aware of the importance of security in architecture. All modern architectural frameworks and methodologies highlight security as a pervasive concern to be addressed at every stage in the architecture development. Good architecture can’t happen without security, so security shouldn’t happen without architecture.

Cyber security is not a discipline to protect ICT assets, its focus is the protection of business assets. Risk remediation is generally not aimed at protecting a server itself, but the data contained within that server. Without a good understanding of how the business produces value, and how it is affected by technology capabilities and risks, an organisation cannot accurately determine which assets to invest in to provide the greatest safeguard of the business’ value.

When it comes to managing cyber security in any organisation, making the right investment decisions is paramount. This is where enterprise architecture can provide the greatest benefit. Architecture is about piecing together all the building blocks that support your business goals and strategies. Each building block is intrinsically linked but, without enterprise architecture, it’s not always apparent how the bottom-most building blocks support the higher-level business needs. When investment is required to protect against cyber security threats, having a clear picture of how all the pieces fit together will provide you with the insight needed to prioritise that investment.

Newsletter

We package up the most-read B2B Magazine stories and send direct to your inbox. Subscribing is the easiest way to keep up, in one hit.